package com.songcan.oauth.confinguration;

import com.songcan.oauth.handle.FormAuthenticationFailureHandler;
import com.songcan.oauth.provider.CustomPreAuthProvider;
import com.songcan.oauth.provider.SaltDaoAuthenticationProvider;
import lombok.SneakyThrows;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.SecurityConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService;

import java.util.Set;


@Primary
@Order(SecurityProperties.DEFAULT_FILTER_ORDER)
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {


    @Value("${ignore.urls}")
    private Set<String> urls;

    @Autowired
    private SecurityConfigurer securityConfigurer;
   @Autowired
   private CustomPreAuthProvider customPreAuthProvider;
   @Autowired
   private  SaltDaoAuthenticationProvider saltDaoAuthenticationProvider;
    @Override
    @SneakyThrows
    protected void configure(HttpSecurity http) {
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
                http.authorizeRequests();
        urls.forEach(url -> registry.antMatchers(url).permitAll());
        saltDaoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
        http.apply(securityConfigurer);
        http.authorizeRequests().anyRequest().authenticated()
                .and().csrf().disable().httpBasic()
        .and()
                .authenticationProvider(saltDaoAuthenticationProvider)
        .authenticationProvider(customPreAuthProvider);

    }

    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/css/**");
    }

    @Bean
    @Override
    @SneakyThrows
    public AuthenticationManager authenticationManagerBean() {
        return super.authenticationManagerBean();
    }

    @Bean
    public AuthenticationFailureHandler authenticationFailureHandler() {
        return new FormAuthenticationFailureHandler();
    }





    /**
     * https://spring.io/blog/2017/11/01/spring-security-5-0-0-rc1-released#password-storage-updated
     * Encoded password does not look like BCrypt
     *
     * @return PasswordEncoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
